package phapp.springSecurity;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

/**
 * <p>
 * Title: 访问权限过滤器
 * </p>
 * Description: </p> Copyright: Copyright (c) 2012-09 Company:
 * 
 * @author
 * @version 1.0
 */

public class MyFilter extends AbstractSecurityInterceptor implements Filter
{

   private FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;

   /**
    * 
    * @param request
    * @param response
    * @param chain
    * @throws IOException
    * @throws ServletException
    */
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
   {
      //HttpServletRequest httpRequest = (HttpServletRequest) request;
      FilterInvocation filterInvocation = new FilterInvocation(request, response, chain);
      invoke(filterInvocation);
   }

   public Class<? extends Object> getSecureObjectClass()
   {
      return FilterInvocation.class;
   }

   public void invoke(FilterInvocation filterInvocation) throws IOException, ServletException
   {
      InterceptorStatusToken token = super.beforeInvocation(filterInvocation);
      
      try
      {
         filterInvocation.getChain().doFilter(filterInvocation.getRequest(), filterInvocation.getResponse());
      }
      finally
      {
         super.afterInvocation(token, null);
      }
   }

   public SecurityMetadataSource obtainSecurityMetadataSource()
   {
      return this.filterInvocationSecurityMetadataSource;
   }

   public void destroy()
   {
   }

   public void init(FilterConfig arg0) throws ServletException
   {
   }

   public FilterInvocationSecurityMetadataSource getFilterInvocationSecurityMetadataSource()
   {
      return filterInvocationSecurityMetadataSource;
   }

   public void setFilterInvocationSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource)
   {
      this.filterInvocationSecurityMetadataSource = filterInvocationSecurityMetadataSource;
   }

}
